Close Widget

Cybersecurity services and Integrated Risk Management solutions provider SureCloud, has announced it is one of the first companies to be accredited under the new CAA ASSURE scheme.

What is it?

ASSURE is an accreditation scheme created by the Civil Aviation Authority (CAA) in partnership with CREST the not-for-profit accreditation and certification body for the technical security industry. The scheme enables aviation organisations to procure accredited cybersecurity audit capabilities to perform an evidence-based validation of their self-assessment, and to support the CAA’s cybersecurity oversight strategy.


CREST and the CAA have accredited SureCloud under the rigorous process defined by the ASSURE framework. To meet ASSURE’s stringent requirements, SureCloud had to firstly be accredited to the CREST penetration testing discipline. SureCloud also had to demonstrate extensive knowledge in the following specialisms: Cyber-audit & risk management, technical cybersecurity expert and Industrial Control Systems /Operational Technology Expert. SureCloud then applied for accreditation, reviewed and approved by CREST and the CAA.

“To be one of only seven companies to be ASSURE accredited is a real testament to our capabilities, and we’re looking forward to broadening our proposition within the aviation space and helping organisations tackle the evolving cyber threats and challenges they face. It’s definitely another feather in the cap for SureCloud, and we’re really pleased to be recognised under such an esteemed scheme.”

Craig Moores, Practice Director of Risk Advisory at SureCloud

Where stipulated by the CAA, aviation organisations will now be required to complete a self-assessment of their cyber security using the CAA’s Cyber Assessment Framework (CAF) for Aviation. Aviation organisations may then be required to contract with an ASSURE Cyber Supplier, such as SureCloud, through the ASSURE Buyer’s Platform to audit their completed CAF for Aviation self-assessment, on behalf of the CAA.


“ASSURE is the latest scheme to strengthen the UK’s Critical National Infrastructure against growing cyber threats and supports the CAA’s Cyber Security Oversight strategy. CREST has also been working with the UK banking, telecommunications, nuclear and utilities sectors to develop effective accreditation schemes and intelligence-led cyber security testing and is also helping governments and regulators in other countries to adopt the same approach.” Ian Glover, president of CREST.

About SureCloud

SureCloud is a provider of Gartner recognised GRC software and Cyber & Risk Advisory services. Whether buying products or services, your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling a seamless integration of information, taking your risk programmes to the next level.



CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years

How can we help?